Our company’s product is an application running in a container. It listens on port 2222 to establish a Command Line Interface.
A customer is having issues with SSH, we have never seen this issue before, and cannot reproduce with the exact same OS (RHEL 7.8), Docker version (RHEL packaged 1.13.1) + Container (our app, same version).
When they do:
ssh -p 2222 <user>@<ip>
The errors they see client-side is:
server refused to allocate pty or
PTY allocation request failed on channel 0
The error logs within our app (server) are:
openpty: Operation not permitted
session_pty_req: session 0 alloc failed
pam_unix(sshd:session): session closed for user <>
Googling this, a possibility is incorrect permissions on: /dev/pts, or /dev/pts/ptmx, or /dev/ptmx. But they are correct here.
Another possibility is that mount of devpts is missing gid=5. I checked and the mounts look correct both on the host and container.
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=666 0 0
I’ve cross checked my system against the customer’s. It all looks to be matching, but obviously something is wrong.
Another data point: Currently they run the container using
docker run --user 100001:0 ... where user-id=1000001, group-id=0 or root. If instead, they run the container as root
docker run --user 0:0 ... then this issue does not occur. It’s a permissions issue somewhere.
Has anyone encountered this before?
Any hints would be much appreciated as I’m out of ideas.